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PARALLEL DISTRIBUTION AND FINGERPRINTING OF DIGITAL CONTENT 



Background of the Invention 
5 L Field of the Invention 

The invention relates to distribution of digital content. 
2. Related Art 

10 

Distribution of digital content for media streams, such as for example movies, 
is subject to several problems. One problem is that it is easy to make exact copies of digital 
content, thus allowing any recipient of that content to redistribute it, whether or not 
authorized to do so. It would be advantageous to be able to distribute digital content, 
15 particularly digital content for media streams, without fear of its unauthorized distribution. 
This would be particularly advantageous when it is desired to distribute digital content using 
a communication link, such as for example a computer network or other technique for 
distribution to end viewers (for example, either on demand, in anticipation of future demand, 
or in response to something else). 

20 

One known solution is to mark digital content with a "fingerprint/' so that an 
unauthorized distributor of the content can be determined, thus hopefully deterring potential 
unauthorized distributors. However, fingerprinting of digital content is subject to several 
problems. 

25 

First, fingerprinting can require substantial computation and memory 
resources. If the fingerprint were to be embedded at a single point of origin, that point of 
origin would have to be scaled up in size and power commensurate with the number of 
movies and the number of end viewers requesting those movies. 

30 

Second, fingerprinting can require substantial amount of time to perform. If a 
media stream were to be distributed to end viewers starting at a selected release time, as is 
sometimes common for first-release movies, there would be a substantial delay in 
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distribution at about the release time due to queuing of more requests for the media stream 
than could be handled in real-time. 



Because of the relatively large amounts of data needed to be sent, it would be 
5 advantageous to distribute digital content for media streams in a tiered or cached system, that 
is, one in which the digital content is moved outward from a point of origin to devices that 
are closer to end viewers in terms of (1) cost for communication, (2) latency for sending and 
receiving messages, and other factors. However, conventional fingerprinting is substantially 
inconsistent with a system in which digital content is substantially distributed before the end 
1 0 viewer is known. 

Summary of the Invention 

A method of distributing information, such as digital content for media 
1 5 streams, includes (1) watermarking the digital content, such as for example using a technique 
described in a related application for selecting watermarking locations and embedding 
fingerprinting information therein, "Watermarking and Fingerprinting Digital Content Using 
Alternative Blocks to Embed Information," (Watson et al.) U.S. application number 
10/356,322, filed 31 January 2003, (2) distributing the digital content using a multi-source 
20 system, such as one with a tiered or cached structure, and (3) partially fingerprinting digital 
content at each stage of moving information from a point of origin to the viewer, thus 
generating partially-fingerprinted digital content for maintenance at each intermediate 
device. 

25 An aspect of the method includes maintaining the digital ^ontent in encrypted 

form at each such intermediate device. To send digital content to any receiving device, (1) 
the sending device decrypts the digital content with a key unique to both the sending device 
and the specific content, (2) the sending device selects a portion of the watermark locations 
into which to embed information and embeds fingerprinting information into those locations 

30 sufficient to identify the recipient, and (3) the sending device encrypts the fingerprinted 
digital content with a new key, unique to both the receiving device and the specific content, 
and preferably unique to the particular transaction of sending the digital content. This 
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process of decryption -> partial fingerprinting -> re-encryption is herein sometimes called 
"adaptation'* of the digital content to the recipient. 



In a preferred embodiment, a network of caching devices maintains the digital 
5 content for distribution to end viewers. Adaptation is performed whenever the digital 
content is transferred from any sender to any recipient within the network, including 
transfers between caches at the same or similar distances from the point of origin. Although 
it is possible as a consequence for the viewer to receive digital content that has been partially 
fingerprinted for multiple recipients, the preferred method of fingerprinting provides for 
1 0 detecting individual recipients anyway. 

In a preferred embodiment, the number of watermark locations to be actually 
embedded with fingerprinting information is selected in response to both the perceived 
security of the recipient and resources available for embedding fingerprinting information. 

15 In a first example, a point of origin might select about 10^ such locations when sending 
digital content to each one of a collection of LI (first level) caches, the LI caches might 

select about 10^ such locations when sending digital content to each one of about ICp L2 

caches, the L2 caches might select about 10^ such locations when sending digital content to 

each one of about 10 5 L3 caches, and the L3 caches might select about 10 8 such locations 

20 when sending digital content to each one of about 10^ end viewers. 

Brief Description of the Drawings 

Figure 1 shows a block diagram of a system for distribution of digital content, 
25 including parallel distribution and fingerprinting of digital content. 

Figure 2 shows a block diagram of a system for distribution and adaptation of 
digital content, including key management for parallel distribution and fingerprinting of 
digital content. 

30 

Figure 3 shows a process flow diagram of a method for distribution of digital 
content, including parallel distribution and fingerprinting of digital content. 
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Detailed Description of the Preferred Embodiment 



In the following description, a preferred embodiment of the invention is 
described with regard to preferred process steps and data structures. Those skilled in the art 
5 would recognize after perusal of this application that embodiment of the invention can be 
implemented using one or more general-purpose processors or special-purpose processors or 
other circuits adapted to particular process steps and data structures described herein, and 
that implementation of particular process steps and data structures would not require undue 
experimentation or further invention. 

10 

Lexicon 

The following terms refer or relate to aspects of the invention as described 
below. The descriptions of general meanings of these terms are not intended to be limiting, 
1 5 only illustrative. 

The phrase "media stream" describes information intended for presentation in 
a sequence, such as motion pictures including a sequence of frames or fields, or such as 
audio including a sequence of sounds. As used herein, the phrase "media stream" has a 

20 broader meaning than the standard meaning for "streaming media," (of sound and pictures 
that are transmitted continuously using packets and that start to play before all of the content 
arrives). Rather, as described herein, there is no particular requirement that "media streams" 
must be delivered continuously. Also as described herein, media streams can refer to other 
information for presentation, such as for example animation or sound, as well as to still 

25 media, such as for example pictures or illustrations, and also to databases and other 
collections of information. 

The phrase "digital content" describes data in a digital format, intended to 
represent media streams or other information for presentation to an end viewer. "Digital 
30 content" is distinguished from packaging information, such as for example message header 
information. For the two phrases "digital content" and "media stream," the former describes 
a selected encoding of the latter, while the latter describes a result of presenting any 
encoding thereof. 
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The phrase "embedding information in media streams" describes generating a 
set of digital content for that media stream, for which the digital content both represents the 
media stream and also includes the embedded information in a form capable of later 
detection. 

5 

The term 'Vatermark" describes a schema for digital content by which 
information can be embedded into that digital content. As described herein, an attacker 
cannot easily remove the watermark provided by the invention. However, the concept of a 
watermark as described herein is sufficiently general to include watermarks that are not so 
10 resistant to attack. As described herein, the watermark provided by the invention includes, 
within the media stream, both a set of locations at which to embed information and possible 
alterations to make at those locations by which information is embedded. However, the 
concept of a watermark as described herein is sufficiently general to include watermarks 
using other techniques for embedding information. 

15 

The term "fingerprint' 1 describes a specific set of information sufficient to 
identify at least one designated recipient of digital content. As described herein, multiple 
attackers colluding together cannot easily remove the fingerprint provided by the invention, 
or prevent at least one of them from being detected as unauthorized distributor of the digital 

20 content. However, the concept of the fingerprint as described herein is sufficiently general . 
to include fingerprints that are not so resistant to removal, or do not provide such capability . 
for detecting unauthorized distributors of the digital content. As described herein, the 
fingerprint provided by the invention includes, within the media stream, a specific set of 
alterations to make at the locations identified by the watermark. However, the concept of the 

25 fingerprint as described herein is sufficiently general to include fingerprints using other 
techniques for embedding information, detecting the embedded information, and detecting 
unauthorized distributors of the digital content. 

The term "adaptation" describes a process in which a sender delivers digital 
30 content to a recipient. As described herein, the sender decrypts its copy of the digital 
content, embeds information in the media stream represented by that digital content (thus 
partially fingerprinting that digital content), and re-encrypts that partially fingerprinted 
digital content. The sender delivers the adapted digital content to the recipient. 
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The phrase "end viewer" describes a recipient of the media stream for whom 
decoding of the digital content for the media stream, and presentation of the media stream, is 
contemplated. 

5 The term "end viewer premises" describes premises where presentation of 

media streams to an end viewer is contemplated. 

The term "decoding" describes generating data in a form for presentation of 
the media stream, in response to the digital content for the media stream in an encoded 
10 format. As described herein, the encoded format might include an industry standard encoded 
format such as MPEG-2. However, the concept of decoding as described herein is 
sufficiently general to include other encoding formats for media stream. 

The term "presentation" describes generating information in a form for 
1 5 viewing of the media stream, such as for example audio and visual information for viewing a 
movie. As described herein, presentation of a movie might include visual display of the 
frames or fields of motion picture, as well as audio presentation of a soundtrack associated 
with that motion picture. However, the concept of presentation as described herein is 
sufficiently general to include a wide variety of other forms of generating information for 
20 reception by end viewers, including audio, visual, or otherwise. 

The phrases "original movie" and "alt-movie" describe alternative versions of 
the same media stream, such as one being an original version of that media streams 
introduced into a system using aspects of the invention, and another being an alternative 

25 version of that same media streams generated in response to the original movie. Similarly, 
the phrases "original block" and "alt-block" describe alternative versions of the same 
individual block or macroblock within the original movie or alt-movie. As described herein, 
a difference between the original movie and the alt-movie is historical, in that the alt-movie 
can be substituted for the original movie in nearly every respect. Similarly, a difference 

30 between any one original block and its associated alt-block is historical, in that the alt-block 
can be substituted for the original block in nearly every respect. 
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Other and further applications of the invention, including extensions of these 
terms and concepts, would be clear to those of ordinary skill in the art after purchasing this 
application. These other and further applications are part of the scope and spirit of the 
invention, and would be clear to those of ordinary skill in the art without further invention or 
5 undue experimentation. 

System Elements 

Figure 1 shows a block diagram of a system for distribution of digital content, 
10 including parallel distribution and fingerprinting of digital content. 

A system 100 includes a video distribution network 110, the video 
distribution network 1 10 including at least one injection origin 120 and the video distribution 
network 110 including a plurality of end viewer premises 130. 

15 

7. Distribution from the injection origin to the end viewer premises. 

The injection origin 120 receives digital content 121 for media streams from 
sources outside the video distribution network 110. In a preferred embodiment, these 

20 sources might include content producers or content aggregators, such as for example movie 
production studios, television studios, or radio or television network syndicators. If 
necessary, the injection origin 120 formats the digital content 121, watermarks it, and 
encrypts it for storage at the injection origin 120. In a preferred embodiment, the injection 
origin 1 20 uses a method of watermarking such as for example described in a related 

25 application for watermarking digital content ("Watermarking and Fingerprinting Digital 
Content Using Alternative Blocks to Embed Information," application number 10/356,322, 
(Watson et al.) filed 31 January 2003). 

The video distribution network 110 includes a network of caching devices 
30 111, each capable of acting individually or in concert, to receive, store, and distribute the 
digital content 121 from the injection origin 120 to end viewer premises 130 for presentation 
to one or more end viewers. In a preferred embodiment, requests from end viewers prompt 
the video distribution network 110 to distribute the digital content 121 to end viewer 
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premises 130, thus using a "pull" model for distribution. However, in alternative 
embodiments, the injection origin 120 or another device may prompt the video distribution 
network 110 to distribute the digital content 121 to end viewer premises 130, thus 
alternatively using a "push" model or another model for distribution. 

5 

In a preferred embodiment, the caching devices 111 are disposed in a tiered 
distribution system, including primary caches 1 12, intermediate caches 113, and leaf caches 
114. The primary caches 112 receive the digital content 121 directly from the injection 
origin 120. The intermediate caches 113 receive the digital content 121 from primary caches 
10 1 12, or from other intermediate caches 113 closer by the network topology to the injection 
origin 120. The leaf caches 114 receive the digital content 121 from intermediate caches 
113, or possibly directly from primary caches 112, and distribute the digital content 121 
directly to end viewer premises 130. 

15 In a preferred embodiment, the video distribution network 110 includes a 

redundant communication network, such as the Internet or a secure subset thereof. However, 
in the context of the invention there is no particular requirement for the video distribution 
network 1 10 to use any particular communication technique. In alternative embodiments, 
any communication technique capable of delivering copies of the digital content 121 from 

20 the injection origin 120, through the video distribution network 110, and ultimately to end 
viewer premises 130, would also be suitable. 

In a preferred embodiment, distribution of digital content 121 using the video 
distribution network 1 10 provides that copies of the digital content 121 might be recorded 
25 and maintained at multiple caching devices 111, and might be delivered using more than one 
pathway from the injection origin 120 to the end viewer premises 130. 

For a first example, copies of the digital content 121 might be delivered from 
the injection origin 120 to two different intermediate caches 113 (A and B), and from those 
30 intermediate caches 1 13 (A and B) to multiple end viewer premises 130. In the event that 
one of those intermediate caches 1 13 (A) later discards its copy of the digital content 121, it 
can receive another copy from the other intermediate cache 1 13 (B) for further delivery to 
end viewer premises 130. 



8 



WO 2004/006494 PCT/US2003/021404 

For a second example, different portions of the digital content 121 might be 
delivered from the injection origin 120 to different intermediate caches 1 13 (A and B), and 
from those intermediate caches 1 13 (A and B) to the same end viewer premises 130. This 
might occur if the act of sending the digital content 121 from the injection origin 120 to the 
5 end viewer premises 130 was interrupted, such as for example by a communication link 
failure within the video distribution network 110 or alternatively by user action, and was 
later resumed and completed. 

2. Distribution to each recipient using the video distribution network. 

10 

Whenever any sender delivers digital content 121 to any recipient within the 
video distribution network 1 10, the sender performs adaptation of the digital content 121 for 
that recipient. In a preferred embodiment, adaptation is performed every time digital content 
is sent, including every time a sender delivers digital content to either a new recipient for 
15 that content or a recipient who may have already received that content. In alternative 
embodiments, adaptation might be performed at a subset of these times. 



Adaptation preferably is performed for all recipients, including both caching 
devices 111 and end viewer premises 130. This would include transfers among caching 
20 devices 111, even those the same or similar distance from the injection origin 120. 
However, in the context of the invention there is no particular requirement for adaptation to 
be performed for all possible recipients, so that in alternative embodiments, some portion of 
the video distribution network 110 might transmit the digital content 121 through without 
decrypting, fingerprinting or re-encrypting it. 

25 

More generally, at points in the video distribution network 1 1 0, the system 
100 might perform one or more of the functions of decrypting, fingerprinting and re- 
encrypting the digital content 121, including all possible cases in which (a) decryption is 
performed first if it is performed at all, (b) encryption is performed last if it is performed at 
30 all, and (c) fingerprinting is performed at least once. However, it is possible that not all such 
combinations are necessarily useful. In the following description, those cases where 
fingerprinting is performed more than once are considered equivalent to cases where 
fingerprinting is performed exactly once. For example, not intended to be limiting in any 
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way, in alternative embodiments the following might be performed at some point in the 
video distribution network 1 10: 



• decryption, fingerprinting, and re-encryption, with the effect that the digital content 
5 121 is adapted from a first point to a second point in the video distribution network 

1 1 0 with both a fingerprint and a new key; 

• decryption and re-encryption (without fingerprinting), with the effect that the digital 
content 121 is adapted from a first point to a second point in the video distribution 

10 network 1 10 with a new key but no fingerprint; 

• fingerprinting and new encryption, with the effect that the digital content 12 1 is 
imported from an unencrypted form and introduced into the video distribution 
network 1 10 with an encryption key; or alternatively, with the effect that the digital 

15 content 121 is fingerprinted and has a new encryption key layered onto it; 

• new encryption (without fingerprinting), with the effect that the digital content 121 is 
imported from an unencrypted form and introduced into the video distribution 
network 1 10 with an encryption key but no fingerprint; or alternatively, with the 

20 effect that the digital content 121 has a new encryption key layered onto it; 

• decryption and fingerprinting, with the effect that the digital content 121 is made 
capable of presentation, such as to an end viewer, but the presentable copy is 
fingerprinted for each such presentation; 

25 

• decryption (without fingerprinting), with the effect that the digital content 121 is 
made capable of presentation, such as to an end viewer, but without fingerprinting; 

• no action, with the effect that the digital content 121 is sent from a first point to a 
30 second point in the video distribution network 1 10 without change. 

As described above, it is therefore possible as a consequence for individual 
end viewer premises 130 to receive digital content 121 that has been partially fingerprinted 

10 
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for multiple recipients. However, in a preferred embodiment, the method of fingerprinting 
(such as for example using a technique for detecting collusion among multiple recipients of 
fingerprinted digital content) provides for detecting individual recipients anyway. 

5 When an individual end viewer premises 130 receives the encrypted, 

fingerprinted digital content 121, it records that digital content 121 in a local video library 
131. The local video library 131 maintains the digital content 121 in its encrypted, 
fingerprinted form for later distribution to one or more playback elements 132. In response 
to a request by an end viewer, the local video library 131 distributes the digital content 121 
10 to one or more playback elements 132, at which the digital content 121 is substantially 
simultaneously decrypted and presented to end viewers for viewing. 

Distribution and Adaptation 

1 5 Figure 2 shows a block diagram of a system for distribution and adaptation of 

digital content, including key management for parallel distribution and fingerprinting of 
digital content. 

As described herein, the injection origin 120 receives digital content 121 for 
20 media streams, such as a movie, and watermarks it, producing a watermarked version of the 
digital content 121, labeled M in the figure. 

Upon receiving the digital content 121, the injection origin 120 contacts a key 
server 201 using a key exchange protocol. In a preferred embodiment, the key exchange 
25 protocol uses the SSL technique for secure communication, or a similar technique. 

The key server 201 generates a content encryption key 202 Em unique to the 
digital content 121 M In a preferred embodiment, the key server 201 generates a content 
encryption key 202 Em for use with the AES-128 encryption technique, or a similar 
30 technique. The injection origin 120 uses the content encryption key 202 Em to encrypt the 
digital content 121, producing an encrypted and watermarked version Em (M) of the digital 
content 121. 
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In response to a request from an end viewer or to any desire to distribute the 
content to a cache or end viewer, for example in anticipation of requests that have not yet 
come, the injection origin 120 adapts its encrypted and watermarked version Em (M) of the 
digital content 121 for delivery to a recipient in the video distribution network 110. 

5 

7. Key exchange and adaptation of the digital content. 

Each time the digital content 121 is adapted for delivery to a recipient, a key 
exchange occurs between a sending device 203 of the digital content 121 and the key server 

10 201. In this key exchange, the sending device 203 requests the previous content encryption 
key 202 (now effectively a content decryption key Dm) and a new content encryption key 
202 Em from the key server 201. The key server 201 generates a new content encryption 
key 202 Em that is unique to both the digital content 121 and the sending device 203. 
Preferably, the new content encryption key 202 Em is also unique to the particular 

15 transaction of sending the content; if that content is sent by the same sending device on 
another occasion to another, or even the same, node or end viewer, the content encryption 
key 202 Em is preferably different. 

The key server 201 packages that new content encryption key 202 Em in an 
20 adaptation certificate message 204 Ky (Dm; Em) encrypted using a secure key Ky that is 
restricted to a secure portion 205 of the sending device 203. In a preferred embodiment, the 
key server 201 generates the new content encryption key 202 Em for use with the AES-128 
encryption technique or a similar technique. The secure key Ky preferably is adapted for 
use with the AES-256 encryption technique or with a similar technique. 

25 

In a preferred embodiment, the secure portion 205 of sending device 203 
includes a hardware element having a secure key Ky that is restricted to that secure portion 
205, and is not generally available to the rest of the sending device 203. 

30 The key server 201 generates the adaptation certificate message 204 that 

includes the decrypting key Dm (that is, the old content encryption key 202) that was used 
for encrypting the digital content 121 for delivery to the sending device 203 and the 

12 
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encrypting key Em (that is, the new content encryption key 202) to be used for encrypting 
the digital content 121 for delivery to a receiving device. In the preferred embodiment, this 
message also includes data to be used in fingerprinting, a message-type value and a SHA-1 
message digest for added security. In alternative embodiments, other message digests 
5 besides SHA-1 might be used, such as for example other values computed in response to the 
content of the message and not easily reversed to retrieve the content of the message. 
Moreover, in alternative embodiments, other and further additional data may be included 
with the message, such as for example a date-stamp or time-stamp, a serial number, or other 
information not easily available to an attacker. 

10 

The adaptation certificate preferably is encrypted using a secure key Ky that 
is restricted to the secure portion 205 of the sending device 203, resulting in the adaptation 
certificate message 204 Ky (Dm; Em)- As a result, only the secure portion 205 of the 
sending device 203 should be able to obtain either the decrypting key Dm or the encrypting 
15 key Em> and the rest of the sending device 203 generally should not have access to any of 
these keys. 

More specifically, the adaptation certificate message 204 Ky (D^j; Em) 
includes at least the following: 

20 

• A 4-byte message-type value, indicating that the message 204 is in fact an adaptation 
certificate message 204. In one embodiment, the message-type value might take on 
one of six possible values, indicating that the message includes (1) an original 
content encryption key 202 Dm for content from an injection point 120, (2) an 

25 adaptation content encryption key 202 Dm for content from a sending device 203 

other than an injection point 120, (3) a content decryption key 202 Kp for decrypting 
a playback certificate 206, (4) a content decryption key 202 Ky for adapting content 
M, (5) an adaptation certificate message 204, or (6) a playback certificate message 
206. The message type helps prevent encrypted messages from being recorded by an 

30 attacker in one context and replayed in a different context. 



• The 16-byte old content encryption key 202 Dm- 
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• A 16-byte permutation key, including a cryptographically secure indicator for a 
permutation of fingerprinting information. 

• A 16-byte fingerprinting key, including a a cryptographically secure indicator for a 
set of fingerprinting data. 

• A 20-byte SHA-1 message digest of the adaptation certificate message 204 (so far). 

• An 8-byte pad of zero-bits to bring the length of the adaptation certificate message 
204 to 96 bytes. 

The secure portion 205 of the sending device 203 responds to the adaptation 
15 certificate message 204 Ky (Dm; Em) from the ke y server 201, which was encrypted using 
the secure key Ky and including both the decrypting key Dm and the encrypting key Em- 
The secure portion 205 decrypts the encrypted and watermarked version Dm ( m ) of the 
digital content 121 using the decrypting key Dm, thus generating an unencrypted copy M of 
the digital content 121. The secure portion 205 partially fingerprints the unencrypted copy 
20 M of the digital content 121, thus generating an unencrypted partially fingerprinted copy M+ 
of the digital content 121. 



The secure portion 205 re-encrypts the partially fingerprinted copy M+ of the 
digital content 121 using the encrypting key, thus generating a re-encrypted partially 
25 fingerprinted copy Em (M+) of the digital content 121. This re-encrypted partially 
fingerprinted copy Em (M+) of the digital content 121 is herein sometimes referred to as the 
adapted copy M* of the digital content 121 . 

A sending device 203 can send the adapted copy M* to another sending 
30 device for re-adaptation. This is shown in Figure 2 by the arrow looping around the top 
sending device 203. In each iteration, a new decrypting key Dm, new encrypting key Em, 
and new secure key Ky preferably are used. Furthermore, fingerprinting information 
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preferably is added at each level. Different amounts of fingerprinting information can be 
embedded in the content at different levels, depending on security considerations. 



For example, in the video distribution network illustrated in Figure 1, sending 
5 devices in the form of caches at different levels send the digital content to other caches 
before the content reaches end viewer premises 130. The injection point 120 might select 

about 10^ fingerprint locations when sending digital content to each one of a collection of 
LI (first level) caches, the LI caches might select about 10^ such locations when sending 
digital content to each one of about 10^ L2 caches, the L2 caches might select about 10^ 
1 0 such locations when sending digital content to each one of about 1 0 5 L3 caches, and the L3 
caches might select about 10^ such locations when sending digital content to each one of 
about 1 0^ end viewers. Fewer or more levels can be utilized when distributing the content, 
and fewer or more locations can be selected at each level. 

15 Eventually, the digital content is sent to a sending device that in turn sends 

the content to end viewer premises 130. Such a sending device is shown as the bottom 
sending device 203 in Figure 2. 

2. Delivery and playback at end viewer premises. 
20 : - 
In a preferred embodiment, the adapted copy M* of the digital content 121 
that is generated for the end viewer premises 130 is no longer partially fingerprinted, but is 
fully fingerprinted. However, in the context of the invention there is no particular 
requirement that the adapted copy M* of the digital content 121 that is generated for the end 
25 viewer premises 130 must be fully fingerprinted. In alternative embodiments, some of the 
watermarked locations at which information might be embedded in the digital content 1 2 1 
may be left un-fingerprinted. 

For a first example, the end viewer premises 130 might include a trusted local 
30 distributor, such as a business entity operating to rent or sell copies of the digital content 121 
to retail customers. In this first example, the end viewer premises 130 would also provide 

15 
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for further adapting the digital content 121 when renting or selling copies of the digital 
content 121 to retail customers. 

For a second example, the end viewer premises 1 30 might include a secure 
5 portion 205. In this second example, the end viewer premises 130 would also provide for 
further adapting the digital content 121 according to business rules embedded in, or securely 
downloaded to, the secure portion 205. In this second example, one such business rule 
would provide for further adapting the digital content 121 each time a playback certificate 
(as described below) was issued for the digital content 121 . 

10 

Each time the digital content 121 is delivered to end viewer premises 130, a 
playback certificate exchange occurs between the local video library 1 3 1 and the key server 
201. In this playback certificate exchange, the local video library 131 requests a playback 
certificate 206 from the key server 201. The key server 201 reviews business rules 
15 applicable to playback of the media stream represented by the digital content 121, and 
determines if playback of the media stream is allowed. If so, the key server 201 generates a 
playback certificate 206 for the media stream. 

The playback certificate 206 Kp (Dm) includes a decrypting key Dm, which 
20 was used as the encrypting key Em by the leaf cache 1 14 when re-encrypting the partially 
fingerprinted copy M+ of the digital content 121 to generate the adapted copy M* of the 
digital content 121. In the preferred embodiment, the playback certificate 206 Kp (Dm) also 
includes a message-type value and a SHA-1 message digest. In alternative embodiments, 
other message digests besides SHA-1 might be used, such as for example other values 
25 computed in response to the content of the message and not easily reversed to retrieve the 
content of the message. Moreover, in alternative embodiments, other and further additional 
data may be included with the message, such as for example a date-stamp or time-stamp, a 
serial number, or other information not easily available to an attacker. The playback 
certificate 206 Kp (Dm) is itself encrypted using a secure playback key Kp specific to the 
30 playback element 132 for which the playback certificate 206 is issued. In a preferred 
embodiment, the secure playback key Kp is adapted for use with the AES-256 encryption 
technique, or a similar technique. 

16 
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More specifically, the playback certificate message 206 Kp (Dm) includes at 
least the following: 



• A 4-byte message-type value, indicating that the message 204 is in fact an playback 
5 certificate message 206. 

• The 16-byte old content encryption key 202 Dm- 

• An 1 6-byte output format word, indicating whether the content is low resolution (640 
10 x 480, 704 x 480, or NTSC), medium resolution (1 280 x 720), or high resolution 

(1920 x 1080), and indicating whether the content is in an output mode that is analog 
(without copy protection), analog (with "Macrovision" copy protection), DVI 
(without copy protection), or DVI (with "HDCP" copy protection). 

15 • A 20-byte SHA-1 message digest of the playback certificate message 206 (so far). 

• An 8-byte pad of zero-bits to bring the length of the playback certificate message 206 
to 64 bytes. 

20 When the local video library 131 at the individual end viewer premises 130 

has obtained both the playback certificate 206 Kp (Dm), and the adapted copy M* of the 
digital content 121, equal to the re-encrypted fingerprinted copy Dm (M+) of the digital 
content 121, it is able to deliver those data to the playback element 132 having the secure 
playback key Kp, which is able to decrypt and decode the adapted copy M* of the digital 

25 content 121, and present the unencrypted fingerprinted copy M+ of the digital content 121 to 
end viewers. 

Method of Operation 

30 Figure 3 shows a process flow diagram of a method for distribution of digital 

content, including parallel distribution and fingerprinting of digital content. 
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In Figure 3, the preferred location for performing each step is indicated by the 
labels "Injection Origin," "Sending Device(s)," and "End Viewer Premises," along with the 
accompanying dashed-line boxes. While this division is preferred, the invention 
encompasses embodiments in which the steps are performed at other locations than those 
5 shown. 

Furthermore, although described serially, the flow points and method steps of 
the method 300 can be performed by separate elements in conjunction or in parallel, whether 
asynchronously or synchronously, in a pipelined manner, or otherwise. In the context of the 
10 invention, there is no particular requirement that the method must be performed in the same 
order in which this description lists flow points or method steps, except where explicitly so 
stated. 

1. Receiving digital content. 

15 

At a flow point 310, the injection origin 120 is ready to receive digital content 
1 2 1 for media streams. 

At a step 31 1, the injection origin 120 formats the digital content 121. 

20 

At a step 312, the injection origin 120 watermarks the digital content 121, as 
described in a related application, "Watermarking and Fingerprinting Digital Content Using 
Alternative Blocks to Embed Information," U.S. application number 10/356,322, (Watson et 
al.) filed 31 January 2003. 

25 

At a step 313, the injection origin 120 encrypts the digital content 121 for 
storage. To perform the step, the injection origin 120 conducts a key exchange with the key 
server 201 . This key exchange includes the following sub-steps: 

30 • (A) The injection origin 120 requests a new content encryption key 202 Dm 

from the key server 201 . An SSL message exchange governs the request for a 
new content encryption key 202 Dm, and the response providing the new 
content encryption key 202 D^. 

18 
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• (B) The key server 201 generates the new content encryption key 202 Dm> 
specific to the particular digital content 121. In a preferred embodiment, the 
key server 201 generates the new content encryption key 202 Dm for use 
with the AES-128 encryption technique, or a similar technique. 

• (C) The key server 201 sends the new content encryption key 202 Dm to the 
injection origin 120. 

• (D) The injection origin 120 uses the content encryption key 202 Dm to 
encrypt the digital content 121, producing an encrypted and watermarked 
version Dm (M) of the digital content 121. 

2. Adapting and sending digital content. 

At a flow point 320, a sending device 203 in the video distribution network 
1 10 is ready to adapt and send the digital content 121 to a receiving device 203. 

At a step 321, the sending device 203 conducts a key exchange with the key 
server 201 . This key exchange includes the following sub-steps: 

• (A) The sending device 203 requests a new content encryption key 202 from 
the key server 201 . 

• (B) The key server 201 generates a new content encryption key 202 Em that 
is unique to both the digital content 121 and the sending device 203, and 
preferably also unique to the particular transaction of sending the digital 
content. 

• (C) The key server 201 packages the new content encryption key 202 Em i n 
the adaptation certificate message 204 Ky (Dm; Em) encrypted using a 
secure key Ky that is restricted to a secure portion 205 of the sending device 
203. 
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• (D) The key server 201 sends the adaptation certificate message 204 Ky 
(Dm; Em) to the sending device 203. 



• (E) The sending device 203 delivers the adaptation certificate message 204 
Kv ( D M; e M) to a secure portion 205 at the sending device 203. 

At a step 322, the sending device 203 adapts the digital content 121 for 
delivery to the receiving device. This adaptation includes the following sub-steps: 

• (A) The secure portion 205 at the sending device 203 retrieves its secure key 
Ky, and decrypts the adaptation certificate message 204 Ky (Dm; Em)- 

• (B) The secure portion 205 uses the old content encryption key 202 Dm to 
decrypt the digital content 121 M. 

• (C) The secure portion 205 partially fingerprints the digital content 121 M, 
thus generating partially fingerprinted digital content 121 M+. 

• (D) The secure portion 205 re-encrypts the partially fingerprinted digital 
content 121 M+ using the new content encryption key 202 Em, thus 
generating the adapted digital content 121 M*. 

At a step 323, the sending device 203 sends the adapted digital content 121 
M* to the receiving device 203. 

Digital content can be sent from one sending device to another sending 
device, for example from one cache to another cache in a video distribution network. Thus, 
flow can proceed from step 323 back to step 320 for re-adaptation, as indicated by the arrow 
between these two steps in Figure 3. Different keys and locations for embedding fingerprint 
information preferably are used at each sending device. At some point, the digital content 
preferably is sent to an end viewer premises for presentation, as indicated by the arrow from 
step 323 to step 330. 
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At a flow point 330, the individual end viewer premises 130 requests digital 
content 121 for presenting media streams represented by that digital content 121 to one or 
5 more end viewers. This step can be performed responsive to a request for content by an end 
viewer at the end viewer premises, in anticipation of demand by an end viewer, or for some 
other reason. 

At a step 33 1 , the request for digital content 1 2 1 is received by at least one 
10 caching device 1 1 1 (preferably a leaf cache 1 14) in the video distribution network 1 10. 

At a step 332, the local video library 131 conducts a playback certificate 
exchange with the key server 201 . The playback certificate exchange includes the following 
sub-steps: 

15 

• The local video library 131 requests a playback certificate 206 from the key 
server 201. 

• The key server 201 reviews business rules applicable to playback of the 
20 media streams represented by the digital content 121, and determines if 

playback of the media streams is allowed. If so, the method 300 continues 
with the substep (C). 

• The key server 201 generates a playback certificate 206 for the digital content 
25 121 representing the media stream. 

• The key server 201 sends the playback certificate 206 to the local video 
library 131. 

30 At a step 333, the local video library 131 at individual end viewer premises 

130 sends the digital content 121 in its encrypted, fingerprinted form to one or more 
playback elements 132. 
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At a step 334, the local video library 131 sends the playback certificate 206 to 
those playback elements 132. 



At a step 335, playback elements 132 (if able to use the playback certificate 
5 206) decrypt and decode the digital content 121, and concurrently present the media streams 
represented by that digital content 121. 

Generality of the Invention 

10 The invention is useful for, and has sufficient generality for, applications 

other than distribution of media streams. For example, the invention can be applied to 
software, data streams generated in real-time such as virtual reality simulations, digitized 
analog content, and to other content. In addition, the invention is not limited to distribution 
of content, but rather is also applicable to other settings. For example, the invention is also 

15 generally useful for applications in which security of datasets or identifying recipients of 
those datasets is desired. 

Furthermore, the invention is described herein using symmetric encryption, in 
which a same key is used for encryption and decryption. However, the invention can be 
20 implemented using asymmetric encryption (such as for example, public key encryption) 
without undue experimentation or further invention. Therefore, any single key described in 
this disclosure (including the claims) as both encrypting and decrypting content should be 
read to encompass the respective keys of a asymmetric key pair (such as for example, a 
public key/private key pair). 

25 

Although preferred embodiments are disclosed herein, many variations are 
possible which remain within the concept, scope, and spirit of the invention. These 
variations would become clear to those skilled in the art after perusal of this application. 

30 Those skilled in the art will recognize, after perusal of this application, that 

these alternative embodiments are illustrative and in no way limiting. 
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1 . A method, including steps of: 

generating, in response to digital content, watermarked digital content having 
5 a set of locations therein at which fingerprinting information can be embedded; 

distributing said digital content using a multi-source system, said multi- 
source system including at least one point of origin and at least one intermediate device 
disposed between said point of origin and an end viewer; and 

partially fingerprinting said digital content at each intermediate device when 
10 sending information for presentation to said end viewer, whereby partially-fingerprinted 
digital content is generated at each said intermediate device. 

2. A method as in claim 1, wherein said digital content includes a 
representation of a media stream. 

15 

3. A method as in claim 1, wherein said plurality of sources are disposed in a 
cached structure or a tiered structure. 

4. A method as in claim 1 , wherein a degree of fingerprinting at each source 
20 is responsive to a position of that source in the cached structure or tiered structure. 

5. A method as in claim 1, wherein said steps of distributing and partially 
fingerprinting include steps of: 

decrypting said digital content with a first key, whereby decrypted digital 
25 content is generated; 

partially fingerprinting said decrypted digital content with information 
sufficient to identify a recipient, whereby fingerprinted digital content is generated; and 
encrypting said fingerprinted digital content with a second key. 

30 6. A method as in claim 5, wherein said first key and said second key are 

supplied by a key server. 
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7. A method as in claim 6, wherein for each intermediate device, said first 
key and said second key are supplied in a message encrypted with a third key. 



8. A method as in claim 7, wherein the third key for each intermediate device 
5 is stored in a secure portion of the intermediate device. 

9. A method as in claim 5, wherein said first key is distinct from said 

second key. 

10 10. A method as in claim 1, wherein said steps of distributing and partially 

fingerprinting include steps of: 

decrypting said digital content with a first key, whereby decrypted digital 
content is generated; 

partially fingerprinting said decrypted digital content with information 
15 sufficient to identify a transaction in distributing said digital content, whereby fingerprinted 
digital content is generated; and 

encrypting said fingerprinted digital content with a second key. 

1 1 . A method as in claim 10, wherein said first key and said second key are 
20 supplied by a key server. 

12. A method as in claim 10, wherein for each intermediate device, said first 
key and said second key are supplied in a message encrypted with a third key. 

25 1 3. A method as in claim 12, wherein the third key for each intermediate 

device is stored in a secure portion of the intermediate device. 

14. A method as in claim 10, wherein said first key is distinct from said 

second key. 

30 

15. A method as in claim 1 0, wherein playback to the end viewer is 
responsive to a playback certificate. 
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16. A method as in claim 15, wherein the playback certificate is issued by a 

key server. 

17. A method as in claim 16, wherein the playback certificate is encrypted 
5 with a playback certificate key. 

1 8. A method as in claim 17, wherein the playback certificate key is stored in 
a secure portion of an end viewer premises disposed to present the digital content to the end 
viewer. 

10 

19. A method as in claim 16, wherein the key server issues the playback 
certificate responsive to business rules. 

20. A method as in claim 19, wherein the business rules are responsive to 
1 5 the digital content and to the end viewer. 
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